Enabling an authentication device with temporary target

ABSTRACT

A method of enabling an authentication device includes providing a first enabling target. One or more attributes of the first enabling target is measured with the authentication device at a first time and compared to a first predetermined expected value. When the at least one measured attribute of the first enabling target matches the first predetermined expected value, the authentication device is enabled for only a first predetermined enablement time.

CROSS REFERENCE TO RELATED APPLICATIONS

Reference is made to commonly-assigned copending U.S. patent applicationSer. No. ______ (Attorney Docket No. K001734US01NAB), filed herewith,entitled AUTHENTICATION DEVICE WITH TEMPORARY ENABLING TARGET, by Cok etal., to commonly-assigned copending U.S. patent application Ser. No.13/587,119 (now U.S. Publication No. 2014/0048723), filed Aug. 16, 2012,entitled AUTHENTICATION WITH ACCESS CONTROL AND CALIBRATION, by Pawliket al.; and to commonly-assigned copending U.S. patent application Ser.No. 13/587,139 (now U.S. Pat. No. 8,619,245), filed Aug. 16, 2012,entitled AUTHENTICATION DEVICE WITH ACCESS CONTROL AND CALIBRATION, byPawlik et al.; the disclosures of which are incorporated herein.

FIELD OF THE INVENTION

This invention relates to item authentication using an enabledauthentication device to test targets having embedded markers andthereby deter counterfeit products.

BACKGROUND OF THE INVENTION

Marker-plus-reader-based authentication systems can be used todistinguish authentic from counterfeit items. The authentication isbased on detecting the presence of secret markers in authentic itemswith special readers. The reader responds to the detected presence ofthe secret markers by giving a pass/fail indication. It is importantthat the reader (authentication device) does not fall into unauthorizedpossession because its pass/fail functionality can be exploited tomanufacture a replicated security feature on the counterfeit item.

It is useful therefore to have a means of enabling the authenticationdevice that cannot be realized by possessing the authentication devicealone. Such an enabling means could be, for example, a key or password.However, the corresponding lock or password request on theauthentication device could make apparent such a security mechanism anda counterfeiter would attempt to disable the lock or password mechanism.

Because there are ongoing efforts to counterfeit goods and to circumventthe efficacy of counterfeit detection systems, an authentication devicewith improved security is desirable.

SUMMARY OF THE INVENTION

Briefly, according to one aspect of the present invention anauthentication device requires an enabling target to activate and enablethe authentication device; the enabling target is separate from theauthentication device. Thus, the possession of the authentication devicedoes not make the need for an enabling target readily apparent.

In an embodiment of the present invention, a method of enabling anauthentication device includes providing an enabling target; measuringone or more attributes of the enabling target with the authenticationdevice; comparing at least one measured attribute to a predeterminedexpected value; and enabling the authentication device for only apredetermined enablement time when the at least one measured attributematches the predetermined expected value. The authenticator can then beoperated to authenticate an item.

In one embodiment, an “enabling” target is a coating containing themarkers that the authenticator can detect in a predeterminedcomposition. The markers in the enabling target decay over time so thatafter the predetermined enablement time, the at least one measuredattribute of the target markers no longer matches the predeterminedexpected value. In another embodiment, the at least one measuredattribute is recorded in the authenticator so that subsequent attemptsto enable the authenticator with the same target will fail. In yetanother embodiment, the predetermined expected value changes over timeso that different enabling targets are required to re-enable theauthentication device.

In accordance with the present invention, a method of enabling anauthentication device includes providing a first enabling target;measuring one or more attributes of the first enabling target with theauthentication device at a first time; comparing at least one measuredattribute of the first enabling target to a first predetermined expectedvalue; and enabling the authentication device for only a firstpredetermined enablement time when the at least one measured attributeof the first enabling target matches the first predetermined expectedvalue.

The present invention provides an authentication device and method withenhanced security.

The invention and its objects and advantages will become more apparentin the detailed description of the preferred embodiment presented below.

BRIEF DESCRIPTION OF THE DRAWINGS

The above and other features and advantages of the present inventionwill become more apparent when taken in conjunction with the followingdescription and drawings wherein identical reference numerals have beenused to designate identical features that are common to the figures, andwherein:

FIG. 1 is a schematic diagram of an authentication device and anauthentic item;

FIG. 2 is a flow diagram illustrating a method of the present invention;

FIG. 3 is a flow diagram illustrating a more detailed method of thepresent invention;

FIG. 4 is a schematic diagram of an authentication device and enablingtarget according to an embodiment of the present invention;

FIGS. 5A and 5B are a flow diagram illustrating a more detailed methodof the present invention;

FIG. 6 is a flow diagram illustrating a more detailed method of thepresent invention;

FIG. 7 is a schematic diagram of an authentication device and a securitymarker detection system according to an embodiment of the presentinvention; and

FIG. 8 is a graph illustrating an example of measurement results for theauthentication device under different conditions.

DETAILED DESCRIPTION OF THE INVENTION

The present invention is directed in particular to elements forming partof a device or to elements that cooperate with a device in accordancewith the present invention. It is to be understood that elements notspecifically shown or described may take various forms well known tothose skilled in the art.

Referring first to FIG. 1, an authentication device (security markerdetection device) 10 includes an on/off switch 11 to power anauthentication pass indicator 14 or an authentication fail indicator 16in response to operating a test button 12 when presented with an item 18containing markers in a predetermined composition. Upon power-up, theauthentication device 10 cycles through a sequence of opticalmeasurements, discussed in more detail below. If the item 18 doescontain markers in a predetermined composition, the authenticationdevice 10 detects the markers, compares the markers to a predeterminedexpected value to detect a match, and operates the authentication passindicator 14 (as shown) and the item 18 is authenticated. If the item 18does not contain markers in the predetermined composition, theauthentication device 10 compares whatever markers are detected, if any,to the predetermined expected value but does not detect a match, andtherefore operates the authentication fail indicator 16 (not shown) andthe item 18 is not authenticated.

Referring now to FIG. 2, in an embodiment of the present invention, theauthentication device 10 has an enabling mode and a normalauthentication mode (operating mode). When the authentication device 10is first provided to a user in step 100, the authentication device 10 isin the enabling mode and is not effective to authenticate an item. Theauthentication device 10 is then enabled for a predetermined time instep 105 to operate in the normal authentication mode. Theauthentication device 10 can then be operated in step 110 toauthenticate the items 18 as described above with respect to FIG. 1. Inan embodiment, at any time after being placed in the normalauthentication mode, the authentication device 10 can be re-enabled andthe predetermined time reset. Once the predetermined time has expired bywaiting (step 115), the authentication device 10 is disabled in step120, after which the authentication device 10 will no longer operate innormal authentication mode and is placed in the enabling mode.Disablement can be performed, for example, by disabling the function ofthe test button 12 or by setting a mode control value.

Referring next to FIGS. 3 and 4, the enabling step 105 is described inmore detail. The authentication device 10 is provided in step 150 in theenabling mode with a first enabling target 17 and operated with the testbutton 12 (or another control, not shown) in step 155. One or moreattributes of the first enabling target 17 is measured with theauthentication device 10 at a first time in step 160. At least onemeasured attribute of the first enabling target 17 is compared to afirst predetermined expected value in step 165. If the at least onemeasured attribute does not match the first predetermined expected valuein step 170, the process of enabling the authentication device 10 beginsagain. If the at least one measured attribute does match the firstpredetermined expected value in step 170, the authentication device 10is enabled for only a first predetermined enablement time by placing theauthentication device 10 in the normal authentication mode in step 175and setting a timer in the authentication device to the firstpredetermined time in step 180. In an embodiment (not shown), theauthentication device can provide an indicator signal that normalauthentication mode is operable, for example by operating a separateindicator (not shown) or operating the authentication pass indicator 14or authentication fail indicator 16 in a unique way (such as blinkingthe indicators 14, 16 or operating the indicators 14, 16simultaneously).

In a further embodiment of the present invention, the method describedin FIG. 3 is repeated for a second enabling target. A second enablingtarget is provided (step 150), its attributes measured (step 160) withthe authentication device 10 at a second time after the first time, atleast one measured attribute of the second enabling target is comparedto a second predetermined expected value (step 165) different from thefirst predetermined measured value, and the authentication device 10 isenabled for only a second predetermined enablement time when the atleast one measured attribute of the second enabling target matches thesecond predetermined expected value (steps 170, 175, 180).

By providing a second enabling target 17, the authentication device 10is re-enabled after the predetermined enablement time has expired (step115). Thus, by providing successive enabling targets 17, theauthentication device 10 is periodically re-enabled and theauthentication device 10 operates as long as the enabling targets 17 areperiodically provided.

In an embodiment of the present invention, the measured attribute valuesof the first enabling target 17 are recorded and a comparison torecorded attribute values made as a part of the enabling process. If apreviously recorded comparison attribute is found to match a currentcomparison attribute, the authentication device 10 is not re-enabled.Thus, enabling targets 17 cannot be reused. Referring to FIG. 5A, thecompared attribute of step 165 is recorded in step 176 after the match(step 170) is successfully determined as part of the enablement processof FIG. 3. As shown in FIG. 5B, the recorded attributes are compared tothe attribute of the current enabling target in step 172. If a match isdetected in step 174, the enabling target 17 has been used before, theauthentication device 10 is not enabled and another enabling target 17is awaited. If a match is not detected in step 174, the enabling target17 has not been used before and the authentication device is 10 enabledin step 175. In different embodiments, step 170 and step 174 areperformed in different temporal orders.

Thus, in an embodiment of the present invention, one or more at leastone measured attribute of the first enabling target 17 is recorded. Oneor more attributes of the first enabling target 17 is measured with theauthentication device 10 at a second time after the first time. The atleast one measured attribute of the first enabling target 17 measured atthe second time is compared with the recorded attribute(s) and theauthentication device 10 is not enabled when the at least one attributeof the first enabling target 17 measured at the second time matches therecorded measured attribute(s).

In various embodiments, the comparison step is dependent upon thepredetermined enabling time so that the second enabling target 17 cannotbe used until the predetermined time has expired (step 115).Alternatively, the second enabling target 17 can be used even if thepredetermined time has not expired (as shown where step 105 follows step110 in FIG. 2). Hence, in an embodiment, the second time is at least thefirst predetermined time after the first time. The second predeterminedtime can be the same as the first predetermined time or different.

When a series of successive different enabling targets 17 is provided tosuccessively re-enable the authentication device 10, a correspondingsuccessive series of predetermined expected values matching the responseof the series of successive different enabling targets 17 is used forcomparison to re-enable the authentication device 10.

In one embodiment of the present invention, the response of a givenenabling target 17 is compared to all of the recorded predeterminedexpected values (see step 172 of FIG. 5B). In this embodiment, enablingtargets 17 are provided in any order.

Thus, in this embodiment, at least one measured attribute of each of theplurality of enabling targets 17 is compared to any of the plurality ofdifferent predetermined expected values recorded in the authenticationdevice 10. When the at least one measured attribute matches any of theplurality of predetermined expected values, the authentication device 10is enabled for the first predetermined enablement time. Furthermore, aplurality of different enabling targets 17 is provided together with oneor more predetermined enablement times. One or more attributes of eachof the plurality of different enabling targets 17 is measured with theauthentication device 10 and compared to any of the plurality ofdifferent predetermined expected values. When the at least one measuredattribute of each of the plurality of different enabling targets 17matches any of the plurality of predetermined expected values, theauthentication device 10 is enabled for one of the one or morepredetermined enablement times. In an embodiment, the successive seriesof predetermined expected values are recorded in the authenticationdevice 10.

In yet another embodiment, the plurality of different predeterminedexpected values is provided as an ordered set of different predeterminedexpected values and the plurality of enabling targets 17 are provided asa corresponding ordered set of enabling targets 17. Referring to FIG. 6,an ordered set of predetermined expected values is provided in step 200.A counter (arbitrarily designated as ‘X’) is initialized to 1 in step205 and a corresponding first enabling target 17 is provided in step 210and at least one measured attribute of the first enabling target 17 ismeasured in step 215 and compared with the corresponding firstpredetermined expected value in step 220. If a match is not found instep 170, the authentication device 10 awaits the correct first enablingtarget 17. If a match is found in step 170, the counter is incrementedin step 225 and the authentication device 10 enabled in step 175. Theauthentication device 10 is then operable in normal authentication modeand awaits the second enabling target or an elapse of the predeterminedtime that disables the authentication device 10.

The process repeats with successive enabling targets 17 and expectedvalues. Thus, according to this embodiment, one or more measuredattributes of each of the plurality of enabling targets 17 aresuccessively measured with the authentication device 10 at successivetimes in the order specified in the ordered set of enabling targets 17and compared with the corresponding one of the plurality of ordereddifferent predetermined expected values. When the at least one measuredattribute of the enabling target 17 matches the correspondingpredetermined expected value, the authentication device 10 is enabledfor one of the one or more predetermined enablement times. Thepredetermined enablement times can be different so that differentperiods of time elapse before the authentication device 10 is disabled(step 120). Once the authentication device 10 is enabled, it can beoperated in the normal authentication mode to authenticate items 18.

In a further embodiment of the present invention, to provide additionalsecurity, the authentication device 10 is disabled when the measuredattribute does not match the predetermined expected value. Thus, anattempt by a user to enable the authentication device 10 with aninappropriate enabling target 17 will disable the authentication device10. In other embodiments, a record is created when the authenticationdevice 10 is enabled or disabled or when at least one measured attributedoes not match the first predetermined expected value.

Referring to FIG. 7, a security marker detection system 39 detectsemission of security marker particles 20 in a non image-wise fashionusing an authentication device 10. The authentication device 10 includesa photodetector 40, a microprocessor 30, a memory 34 storing a firstpredetermined expected value and a first predetermined enablement time,a timer 36, a control 12, and an information display 32. Theauthentication device 10 can also include one or more irradiationsources 22 to direct exciting electromagnetic radiation 24 towards thesecurity marker particles 20 in the item 18 to be authenticated ortowards the first enabling target 17 (not shown). The excitingelectromagnetic radiation 24 can be in the ultraviolet, visible orinfrared wavelength range. Typical wavelengths are 400 nm-700 nm forvisible radiation, 200 nm-400 nm for ultraviolet radiation, and 700nm-2500 nm for infrared radiation. The item 18 contains a randomdistribution of security marker particles 20 either in an ink, in anovercoat varnish, or embedded in a substrate. The security markerparticles 20 emit electromagnetic radiation 26 as a response to theexciting electromagnetic radiation 24 from the irradiation sources 22that is detected by a photodetector 40 and amplified by an amplifier 42.A microprocessor 30 processes and analyzes the photodetector signal anddetermines a pass or a fail that is indicated on the authenticationindicator 32. Authentication indicator 32 can include the authenticationpass indicator 14 and authentication fail indicator 16 and otherindicators. Pass or fail indication can, for example, representauthentic and non-authentic items 18, respectively.

The authentication device 10 includes the memory 34 for storinginformation, including the first predetermined expected value, the firstpredetermined enablement time, mode, software, and a timer value, and atimer 36 for timing intervals of time. The authentication device 10 caninclude a computer having a stored program, memory, interfaces, andinput/output devices, as are commonly known in the art. In embodiments,the microprocessor 30, the memory 34, and the timer 36 are integratedcircuits including digital logic circuits and time base devices (clocks)as are well known in the computer engineering arts. The memory 34 caninclude volatile or non-volatile memory and can be distributed invarious circuits, including the microprocessor 30 and the timer 36, orcan include a separate integrated circuit connected directly orindirectly to either of the microprocessor 30 or the timer 36.

Suitable microprocessors 30, memories 34, timers 36, and authenticationindicators 32 are well known in the computing arts, as are usefulsoftware methods, state machine control, real-time hardware or software,interface control, indicator control, and user interaction techniques.In a particular embodiment, the micro-processor is a stored programmachine with a software program stored in the memory 34 or in a memoryintegrated with the microprocessor 30. The microprocessor 30 can be astate machine or execute the steps of a software state machine. Thesteps of the present invention are performed by executing the storedsoftware program by the micro-processor 30 and interacting with thevarious devices and elements in the authentication device 10 and thesecurity marker detection system 39. Suitable photodetectors 40 andamplifiers 42 are also well known in the optical arts.

The software stored in the memory 34 is operable by the microprocessor34 to measure one or more attributes of a first enabling target 17 oritems 18 at a first time, compare at least one measured attribute of thefirst enabling target 17 with the stored first predetermined expectedvalue, and enable the authentication device 10 to authenticate whenoperated by the control 12 for only the first predetermined enablementtime when the at least one measured attribute of the first enablingtarget 17 matches the first predetermined expected value. In general,the methods of the present invention and illustrated and described withrespect to the various figures are embodied in hardware that operates toperform the methods of the present invention or software programs storedin the memory 34 of the authentication device 10. The authenticationdevice 10 can a single device with separate parts or constructed ofseparate devices, for example networked or otherwise communicablyinterconnected devices.

The authentication indicator 32 can include light emitting diodes,alphanumeric displays, liquid crystal displays, or other informationdisplays known in the art. The amplifier 42 can include analog ordigital circuits for inputting a signal, amplifying or otherwiseprocessing the input signal, and converting it to a form usable by themicroprocessor 30, for example with an analog-to-digital converter, andproviding the converted signal to the microprocessor on an informationinterface, for example a Universal Serial Bus (USB) interface.Photodetectors 40 responsive to electromagnetic radiation to provideelectrical signals are known in the art and any of a variety of suchphotodetectors 40 is included in the present invention. Examples ofirradiation sources 22 include light emitting diodes (LED) or laserdiodes (LD).

The security marker particles 20 can include any fluorescent orphosphorescent material that is embedded in or on a substrate of item 18(for example a label) or enabling target 17 (for example a card) thatresponds to exciting electromagnetic radiation 24 from the irradiationsources 22 with emitted electromagnetic radiation 26 that is detectableby the photodetectors 40. Such materials and substrates are known in thechemical and printing arts, as are methods for the construction oflabels useful as items 18 and cards useful as enabling targets 17.

In an embodiment, the item 18 and the enabling target 17 can containsimilar materials in different amounts or spatial distributions. In analternative embodiment, the item 18 and the enabling target 17 includedifferent materials. In either embodiment, a similar process isperformed to authenticate the item 18 or enable the authenticationdevice 10 with the first enabling target 17.

The authentication device 10 conducts a series of optical measurementsto detect the composition of the security marker particle 20 componentsin either the item 18 or the enabling target 17 with the photodetector40 by causing security marker particles 20 in the item 18 to emitradiation as fluorescence or phosphorescence in response to irradiationby irradiation source 22, for example by controlling and powering theirradiation sources 22. Only if the response is within a tolerance bandcentered on predetermined expected values will the authentication device10 detect a match. Depending on the predetermined value matched, theauthentication device 10 is enabled to operate in normal authenticationmode and authenticates the item 18 tested. If the responses of theenabling target 17 or item 18 are outside the tolerance intervals, nomatch is found and no action taken, other than to indicate or record afailed authentication or enablement.

Because of gradual aging of components, external factors and generalmeasurement variability, the results of the measurements of the enablingtarget 17 will not always exactly match the stored values. The variancecan be a sign of degradation of the optical and electrical components ofthe sensing system in authentication device 10. The authenticationdevice 10 can compensate for these factors by calculating one or morecalibration factors that can be used to mathematically regenerate themeasurement results of a non-degraded system. The calibration factorsare then also used to correct the responses in the pass/failauthentication processes. Using this calibration approach, theauthentication device 10 can be operated with narrow pass bands andtherefore high selectivity while still maintaining robustauthentication.

FIG. 8 shows an example of measurement results of the authenticationdevice 10 under different conditions a) to f). In condition a), theauthentication device 10 was turned on in the absence of a firstenabling target 17. The authentication device 10 response, shown on thevertical axis, is well outside the acceptance band for a genuine firstenabling target 17 as indicated by the acceptance band bracket 50.Consequently, the authentication device 10 will remain in a disabledstate allowing no further authentication processes to proceed. Incondition b), the first enabling target 17 was present while theauthentication device 10 was turned on. The response in this conditionis within the acceptance bracket 50 and, as a result, the authenticationdevice 10 enters normal authentication mode allowing subsequentauthentication.

This measurement, however, also determines that the actual responsevalue of 5400 was below the expected value of 6000, which is the centervalue of the acceptance band. As a result, the authentication device 10will generate a calibration factor, in this case 1.111, which is appliedto future reading. In the absence of other measurement variability, asubsequent power-on of the authentication device 10 placed on the firstenabling target 17 will generate a response that exactly matches theexpected value c). In an embodiment, enabling targets 17 are used forcalibration rather than items 18 and the enabling target 17 havedifferent security particles 20 to distinguish them from items 18.

The effect of the calibration on the authentication results is shown insections d) and e) wherein the authentication device 10 is placed on anauthentic item 18. In section d, no calibration is used and the responsefalls slightly outside the acceptance band for an authentic item 52. Inthis case the authentic item 18 will be misidentified as non-authentic.However, when the calibration factor, 1.111 in this example, is used insection e), the response of the authentication device 10 is within theacceptance band for an authentic item and the item 18 will correctly beidentified as authentic. In the absence of a calibration procedure, theacceptance band for an authentic item 18 is wider, which reduces theselectivity of the authentication device 10. Section f) shows theresponse for a non-authentic item 18 which is outside the acceptanceband of the authentication device 10 leading to a fail indication.

The calibration process may incorporate a mathematical process such asmultiplication or convolution of the authentication device 18 responsewith a calibration factor stored in the memory 34 of microprocessor 30.It could also be a calibration factor that interacts with thecharacteristics of the irradiation source 22, photodetector 40, oramplifier 42, for example, by increasing the current of the irradiationsource 22 or the gain of the amplifier 42 when the response is below theexpected value, or by decreasing the current of the irradiation source22 or the gain of the amplifier 42 when the response is above thepredetermined expected value. Furthermore, while it is advantageous whencalibration and authentication are conducted using the same opticalcomponents, it is possible to design a system where the calibration andenabling step are conducted with optical components (e.g. irradiationsource 22 or photodetector 40 or both) that are different from thecomponents used for the authentication process. In this case, differentsecurity marker particles 20 could be involved in thecalibration/enabling and authentication steps.

As noted above, security marker particles 20 can degrade or decay overtime. In an embodiment of the present invention, the security markerparticles 20 are intentionally chosen, designed, or engineered to decayat a desired rate so that the enabling target 17 is a decaying enablingtarget 17. After a predetermined time related to the desired rate andsecurity-marker-particle response (emitted electromagnetic radiation 26in response to exciting electromagnetic radiation 24), theauthentication device 10 will receive a response that falls outside theauthentication band when the enabling target 17 is used to enable theauthentication device 10 so that the authentication device 10 is notenabled. Thus, the authentication device 10 is effectively disabled andsubsequently tested items 18 are not authenticated.

In an embodiment, the first predetermined time is selected to berelatively short, for example 24 hours. In this embodiment, a user ofthe authentication device 10 must re-enable the authentication device 10daily, for example as illustrated in FIG. 2. If the decay rate of thesecurity marker particles 20 in the enabling target 17 is chosen so thatthe authentication of the decaying enabling target 17 fails after onemonth, the authentication device 10 will cease operation after the onemonth has elapsed. Alternatively, the first predetermined time isselected to be the same as the decay failure time of the decayingenabling target 17, so that a user of the authentication device 10 canenable the authentication device 10 with a decaying enabling target 17only once. Thereafter, a new decaying enabling target 17 is required tore-enable the authentication device 10. In this embodiment, no record ofthe comparison attribute is necessarily kept or used for comparison inthe authentication device 10.

Thus, in a method of the present invention, one or more attributes ofthe first decaying enabling target 17 is measured with theauthentication device 10 at a first time to have a first value. One ormore attributes of the first decaying enabling target 17 is measuredwith the authentication device 10 at a second time after the first timeto have a second value different from the first value and the secondvalue does not match the first predetermined expected value so that theauthentication device is not enabled.

The authentication devices 10 and enabling targets 17 should be keptunder separate custody. If the authentication device 10 is stolen, itwill not function without the enabling target 17, at least not after thepredetermined period of time. The necessity of an enabling target 17 isinconspicuous because it is not requested by any authenticator response.Therefore, security for an authentication security system is improved.

The invention has been described in detail with particular reference tocertain preferred embodiments thereof, but it will be understood thatvariations and modifications can be effected within the scope of theinvention.

PARTS LIST

-   10 authentication device/security marker detection device-   11 on/off switch-   1 test button/control-   14 authentication pass indicator-   16 authentication fail indicator-   17 enabling target-   18 item-   20 security marker particle-   22 irradiation source-   24 exciting electromagnetic radiation-   26 emitted electromagnetic radiation-   30 microprocessor-   32 authentication indicator/information display-   34 memory-   36 timer-   39 security marker detection system-   40 photodetector-   42 amplifier-   50 acceptance band bracket-   52 acceptance band bracket for authentic item-   100 provide authentication device step-   105 enable authentication device for predetermined time step-   110 operate authentication device step-   115 wait predetermined time step-   120 disable authentication device step-   150 provide first enabling target step-   155 operate authentication device step-   160 measure one or more attributes of enabling target step-   165 compare attributer of first enabling target to expected value    step-   170 match step-   172 compare current attribute to recorded attribute step-   174 match step-   175 enable authentication device step-   176 record compared attribute step-   180 set timer to first predetermined time step-   200 provide ordered set of expected values step-   205 initialize counter step-   210 provide enabling target step-   215 measure one or more attributes of enabling target step-   220 compare attribute of enabling target to expected value step-   225 increment counter step

1. A method of enabling an authentication device, comprising: providinga first enabling target; measuring one or more attributes of the firstenabling target with the authentication device at a first time;comparing at least one measured attribute of the first enabling targetto a first predetermined expected value; and enabling the authenticationdevice for only a first predetermined enablement time when the at leastone measured attribute of the first enabling target matches the firstpredetermined expected value.
 2. The method of claim 1, furtherincluding disabling the authentication device after the firstpredetermined time.
 3. The method of claim 1, further including:providing a second enabling target; measuring one or more attributes ofthe second enabling target with the authentication device at a secondtime after the first time; comparing at least one measured attribute ofthe second enabling target to a second predetermined expected value; andenabling the authentication device for only a second predeterminedenablement time when the at least one measured attribute of the secondenabling target matches the second predetermined expected value.
 4. Themethod of claim 3, wherein the second time is at least the firstpredetermined time after the first time.
 5. The method of claim 3,wherein the first predetermined expected value is different from thesecond predetermined expected value.
 6. The method of claim 1, whereinthe first enabling target is a first decaying enabling target.
 7. Themethod of claim 6, further including: measuring one or more attributesof the first decaying enabling target with the authentication device ata first time to have a first value; measuring one or more attributes ofthe first decaying enabling target with the authentication device at asecond time after the first time to have a second value; and wherein thefirst value is different from the second value and the second value doesnot match the first predetermined expected value and the authenticationdevice is not enabled.
 8. The method of claim 1, further including:recording the at least one measured attribute of the first enablingtarget; measuring one or more attributes of the first enabling targetwith the authentication device at a second time after the first time;comparing at least one measured attribute of the first enabling targetmeasured at the second time with the recorded attribute; and notenabling the authentication device when the at least one attribute ofthe first enabling target measured at the second time matches therecorded measured attribute.
 9. The method of claim 1, further includingproviding a plurality of different predetermined expected values. 10.The method of claim 9, further including: comparing at least onemeasured attribute of each of the plurality of enabling targets to anyof the plurality of different predetermined expected values; andenabling the authentication device for the first predeterminedenablement time when the at least one measured attribute matches any ofthe plurality of predetermined expected values.
 11. The method of claim10, further including: providing a plurality of different enablingtargets; providing one or more predetermined enablement times; measuringone or more attributes of each of the plurality of different enablingtargets with the authentication device; comparing at least one measuredattribute of each of the plurality of different enabling targets to anyof the plurality of different predetermined expected values; andenabling the authentication device for one of the one or morepredetermined enablement times when the at least one measured attributeof each of the plurality of different enabling targets matches any ofthe plurality of predetermined expected values.
 12. The method of claim11, further including providing the plurality of different predeterminedexpected values as an ordered set of different predetermined expectedvalues and the plurality of enabling targets as a corresponding orderedset of enabling targets.
 13. The method of claim 12, further including:sequentially measuring one or more attributes of each of the pluralityof enabling targets with the authentication device at sequential timesin the order specified in the ordered set; comparing at least onemeasured attribute of each of the plurality of enabling targets with thecorresponding one of the plurality of ordered different predeterminedexpected values; and enabling the authentication device for one of theone or more predetermined enablement times when the at least onemeasured attribute of the enabling target matches the correspondingpredetermined expected value.
 14. The method of claim 11, furtherincluding providing a plurality of different predetermined enablementtimes.
 15. The method of claim 1, further including operating theauthentication device after it is enabled.
 16. The method of claim 1,further including disabling the authentication device when the measuredattribute does not match the predetermined expected value.
 17. Themethod of claim 1, further including creating a record when theauthentication device is enabled or disabled.
 18. The method of claim 1,further including creating a record when at least one measured attributedoes not match the first predetermined expected value.